chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc - Issue 143183007: Update policy signature verification to include policy domain.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 143183007: Update policy signature verification to include policy domain. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fixed style error. Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/chromeos/policy/enrollment_handler_chromeos.cc ('k') | chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos_unittest.cc » ('j') | chrome/browser/chromeos/settings/session_manager_operation.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

index 467aec739f59d912e8a5dc1e6279b5492f04d56e..26ca16442b0d4c6706a9fa06a5a9ecce2c261088 100644

--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

@@ -49,6 +49,11 @@ void SampleValidationFailure(ValidationFailure sample) {

VALIDATION_FAILURE_SIZE);

}

+// Extracts the domain name from the passed username.

+std::string ExtractDomain(const std::string& username) {

+ return gaia::ExtractDomainName(gaia::CanonicalizeEmail(username));

} // namespace

// Helper class for loading legacy policy caches.

@@ -259,7 +264,7 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {

validator->ValidateSignature(

policy_key_,

GetPolicyVerificationKey(),

- std::string(), // No signature verification needed.

+ ExtractDomain(sanitized_username),

allow_rotation);

validator->RunValidation();

OnRetrievedPolicyValidated(validator.get());

@@ -273,12 +278,13 @@ void UserCloudPolicyStoreChromeOS::ValidatePolicyForStore(

CloudPolicyValidatorBase::TIMESTAMP_REQUIRED);

validator->ValidateUsername(username_);

if (policy_key_.empty()) {

- validator->ValidateInitialKey(GetPolicyVerificationKey());

+ validator->ValidateInitialKey(GetPolicyVerificationKey(),

+ ExtractDomain(username_));

} else {

const bool allow_rotation = true;

validator->ValidateSignature(policy_key_,

GetPolicyVerificationKey(),

- std::string(),

+ ExtractDomain(username_),

allow_rotation);

}

@@ -377,7 +383,7 @@ void UserCloudPolicyStoreChromeOS::ValidateRetrievedPolicy(

const bool allow_rotation = false;

validator->ValidateSignature(policy_key_,

GetPolicyVerificationKey(),

- std::string(),

+ ExtractDomain(username_),

allow_rotation);

// Start validation. The Validator will delete itself once validation is

// complete.